// filesec.cpp
//***************************************************************
// From the book "Win32 System Services: The Heart of Windows 98
// and Windows 2000"
// by Marshall Brain
// Published by Prentice Hall
//
// Copyright 1995, by Prentice Hall.
//
// This code creates a file that only the Guest account
// can access. THE DRIVE MUST BE FORMATTED WITH NTFS FOR THIS
// CODE TO WORK.
//***************************************************************
#include <windows.h>
#include <iostream.h>

SECURITY_ATTRIBUTES sa;
SECURITY_DESCRIPTOR sd;
BYTE aclBuffer[1024];
PACL pacl=(PACL)&aclBuffer;
BYTE sidBuffer[100];
PSID psid=(PSID) &sidBuffer;
DWORD sidBufferSize = 100;
char domainBuffer[80];
DWORD domainBufferSize = 80;
SID_NAME_USE snu;
HANDLE file;

void main(void)
{
  InitializeSecurityDescriptor(&sd,SECURITY_DESCRIPTOR_REVISION);

  InitializeAcl(pacl, 1024, ACL_REVISION);
  
  LookupAccountName(0, "guest", psid, &sidBufferSize, domainBuffer, &domainBufferSize, &snu);

  AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_READ, psid);

  SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE);

  sa.nLength               = sizeof(SECURITY_ATTRIBUTES);
  sa.bInheritHandle        = FALSE;
  sa.lpSecurityDescriptor  = &sd;

  file = CreateFile("c:\\testfile", GENERIC_READ | GENERIC_WRITE, 0, &sa, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0);
  CloseHandle(file);
}